This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Data dissection of 802.15.4 frames (lua-based)

0

I am using a sniffer (Uracoli) for wireless frames IEEE 802.15.4. When I see them in Wireshark, the packet details show the following tree (example):

+ Frame 1550: 28 bytes on wire...
+ IEEE 802.15.4 Data, Dst: 0x0000, Src: 0x0002
+ Data (17 Bytes)

Then, I have developed a custom protocol inside the "data" (=payload) field. I want to write a lua-based dissector to manage the new protocol. I.e. it should be like this (another example)

+ Frame 1550: 28 bytes on wire...
+ IEEE 802.15.4 Data, Dst: 0x0000, Src: 0x0002
- My Custom Message type 0x0A
    + Custom field 1
    + Another field 2

I have seen other posts, and I have the following in my .lua file:

 my_prot = Proto("my_prot","My Protocol")
 local IEEE802154_table = DissectorTable.get("wtap_encap")
 local IEEE802154_dissector = IEEE802154_table:get_dissector(104) -- 104 = "IEEE802_15_4" frames

function my_prot.dissector(buffer, pinfo, tree) IEEE802154_dissector:call(buffer, pinfo, tree)

  -- How can I dissect ONLY the payload (data) of the 802.15.4 frame?

end

IEEE802154_table:add (104, my_prot);

Some options I have tried:

  • Using “buffer(offset,len)” to select the data I don’t like because the data content may have different offsets from the start of frame.

  • Using “Field.new(“data.data”)” generates trouble like “A Field extractor must be defined before Taps of Dissectors get called”.


Thank you so much!
Jose Antonio

asked 09 Mar ‘15, 06:06

JoseATG's gravatar image

JoseATG
6112
accept rate: 0%


One Answer:

0

What you (probably) need is a postdissector in Lua.

http://wiki.wireshark.org/Lua/Examples/PostDissector

You can also have a look at questions tagged with postdissector.

https://ask.wireshark.org/tags/postdissector/

You'll aslo find sample code in some of these questions.

Regards
Kurt

answered 09 Mar '15, 14:04

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

edited 09 Mar '15, 14:07